CVE-2025-12462

CRITICAL EPSS 35.8%

Published Mar 2, 20263mo ago · Modified Apr 27, 20262mo ago

9.3 CVSS 4.0

Critical

Published Mar 2, 2026 3mo ago

Last Modified Apr 27, 2026 2mo ago

Description

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injection. This issue was fixed in versions above 8.0.

CVSS Details

Base Score

9.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

35.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

References 1

cert.pl https://cert.pl/posts/2026/03/CVE-2025-12462/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.